| Message ID | 20181129095559.26007-1-lorenzo.pieralisi@arm.com (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
| Series | ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value | expand |
On 2018/11/29 17:55, Lorenzo Pieralisi wrote: > Running the Clang static analyzer on IORT code detected the following > error: > > Logic error: Branch condition evaluates to a garbage value > > in > > iort_get_platform_device_domain() > > If the named component associated with a given device has no IORT > mappings, iort_get_platform_device_domain() exits its MSI mapping loop > with msi_parent pointer containing garbage, which can lead to erroneous > code path execution. Not sure if we have such use cases that named component associated with a given device has no IORT mappings, but this patch still make sense to me, Reviewed-by: Hanjun Guo <hanjun.guo@linaro.org> Thanks Hanjun
On Thu, Nov 29, 2018 at 07:34:40PM +0800, Hanjun Guo wrote: > On 2018/11/29 17:55, Lorenzo Pieralisi wrote: > > Running the Clang static analyzer on IORT code detected the following > > error: > > > > Logic error: Branch condition evaluates to a garbage value > > > > in > > > > iort_get_platform_device_domain() > > > > If the named component associated with a given device has no IORT > > mappings, iort_get_platform_device_domain() exits its MSI mapping loop > > with msi_parent pointer containing garbage, which can lead to erroneous > > code path execution. > > Not sure if we have such use cases that named component associated with > a given device has no IORT mappings, but this patch still make sense to > me, Yes, it is to make the kernel more robust against questionable (but valid) firmware bindings. Thanks, Lorenzo
On Thu, Nov 29, 2018 at 09:55:59AM +0000, Lorenzo Pieralisi wrote: > Running the Clang static analyzer on IORT code detected the following > error: > > Logic error: Branch condition evaluates to a garbage value > > in > > iort_get_platform_device_domain() > > If the named component associated with a given device has no IORT > mappings, iort_get_platform_device_domain() exits its MSI mapping loop > with msi_parent pointer containing garbage, which can lead to erroneous > code path execution. > > Initialize the msi_parent pointer, fixing the bug. > > Fixes: d4f54a186667 ("ACPI: platform: setup MSI domain for ACPI based > platform device") > Reported-by: Patrick Bellasi <patrick.bellasi@arm.com> > Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> > Cc: Will Deacon <will.deacon@arm.com> > Cc: Hanjun Guo <hanjun.guo@linaro.org> > Cc: Sudeep Holla <sudeep.holla@arm.com> > Cc: Catalin Marinas <catalin.marinas@arm.com> > Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net> > --- > drivers/acpi/arm64/iort.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Acked-by: Will Deacon <will.deacon@arm.com> Looks like one for 4.20. Will > diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c > index 2a361e22d38d..70f4e80b9246 100644 > --- a/drivers/acpi/arm64/iort.c > +++ b/drivers/acpi/arm64/iort.c > @@ -700,7 +700,7 @@ static void iort_set_device_domain(struct device *dev, > */ > static struct irq_domain *iort_get_platform_device_domain(struct device *dev) > { > - struct acpi_iort_node *node, *msi_parent; > + struct acpi_iort_node *node, *msi_parent = NULL; > struct fwnode_handle *iort_fwnode; > struct acpi_iort_its_group *its; > int i; > -- > 2.19.2 >
diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c index 2a361e22d38d..70f4e80b9246 100644 --- a/drivers/acpi/arm64/iort.c +++ b/drivers/acpi/arm64/iort.c @@ -700,7 +700,7 @@ static void iort_set_device_domain(struct device *dev, */ static struct irq_domain *iort_get_platform_device_domain(struct device *dev) { - struct acpi_iort_node *node, *msi_parent; + struct acpi_iort_node *node, *msi_parent = NULL; struct fwnode_handle *iort_fwnode; struct acpi_iort_its_group *its; int i;
Running the Clang static analyzer on IORT code detected the following error: Logic error: Branch condition evaluates to a garbage value in iort_get_platform_device_domain() If the named component associated with a given device has no IORT mappings, iort_get_platform_device_domain() exits its MSI mapping loop with msi_parent pointer containing garbage, which can lead to erroneous code path execution. Initialize the msi_parent pointer, fixing the bug. Fixes: d4f54a186667 ("ACPI: platform: setup MSI domain for ACPI based platform device") Reported-by: Patrick Bellasi <patrick.bellasi@arm.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Hanjun Guo <hanjun.guo@linaro.org> Cc: Sudeep Holla <sudeep.holla@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net> --- drivers/acpi/arm64/iort.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)